Re: No, was Re: QC biometrics needs re-engineering NOW!

["Anders Rundgren" <anders.rundgren@xxxxxxxxxx>]

>> >as you should be able to see from
>> >the archive (but its so long ago I forget, maybe it was
>> >a private posting). I think Steve K. addressed the issue
>> >when he said that handing over a URL says nothing about
>> >who can gets a 404 vs. a 200 when they ask for the content.
>>
>> That is REALLY silly!
>
>No, it is not. It means that the biometric data can be denied to
>you, even though it is available.  You may need a client certificate
>to get it, or a password, or be in an IP range  You don't get it just
>because it is in the certificate.
>
>BTW, I may suggest that including identifying biometric data in
>certificates is unconstitutional in the entire EC, where countries
>have harmonized their constitutions to directly *forbid* any
>initiative which may allow the creation of a unique indentifier,
>a national ID.  Please verify in the current Swedish Carta Magna,
>or German, etc.


Ed, I think that your answer verifies what I have suspected all the time: The authors
of the two variants of bio-metrics linked to certs are not really such lousy engineers,
but are so against the idea of biometrics and PKI that they push solutions that
have no chance to suceed on a wider scale since they are by design 100%
not interoperable.  QCs are unconstitutional?  Stefan, where you?

Anders